WHAT IS CLAIMED IS:

1. A method of providing key management comprising:
providing a server;
providing a client configured to be coupled to said server;
providing a trusted third party configured to be coupled to said client;
allowing said server to initiate a key management session with said client.

2. The method as described in claim 1 wherein said allowing said server to initiate said key management session with said client comprises:
generating a trigger message at said server;
generating a nonce at said server;
conveying said trigger message and said nonce to said client.

3. The method as described in claim 2 and further comprising: 
receiving said trigger message and said nonce at said client; 
generating a response message to said trigger message; 
conveying said response message and a returned_nonce to said server. 

4. The method as described in claim 3 and further comprising: 
predetermining an out-of-bounds value for said nonce to prevent an attacker from simulating a client initiated key management session;
checking said nonce to determine whether the value of said nonce is said out-of-bounds value.



5. The method as described in claim 3 and further comprising:
confirming the value of said returned_nonce at said server; and
conveying a reply message from said client to said server.

6. The method as described in claim 1 and further comprising:
receiving from said client a response message and a false_nonce at said server;
determining that said false_nonce is false;
disregarding said client response message.

7. A method of providing key management in a Kerberos based system, said method comprising:
providing a server;
providing a client configured to be coupled to said server;
providing a key distribution center configured to act as a trusted third party for said client and said server;
initiating a key management session by said server with said client.

8. The method as described in claim 7 and further comprising:
generating a trigger message at said server;
generating a nonce at said server;
conveying said trigger message and said nonce to said client.

9. The method as described in claim 8 and further comprising:
receiving said trigger message and said nonce at said client;
generating a response message to said trigger message;
conveying said response message and a returned_nonce to said server.

10. The method as described in claim 9 and further comprising:
confirming the value of said returned_nonce at said server; and then
continuing with said key management session.

11. The method as described in claim 7 and further comprising:
receiving at said server a response message and a false_nonce from said client;
determining that said false_nonce does not match said nonce;
determining that said server did not initiate said key management session.



12. A method of initiating a key management session for a cable telephony adapter (CTA) and a Signaling Controller in an IP Telephony network, the method comprising:
providing said Signaling Controller;
providing said CTA configured to be coupled to said Signaling Controller;
providing a key distribution center (KDC);
generating a trigger message at said Signaling Controller;
generating a nonce at said Signaling Controller;
coupling said nonce with said trigger message;
transmitting said nonce coupled with said trigger message to said CTA;
generating a response message to said trigger message;
using the value of said nonce as the value of a returned_nonce;
coupling said response message with said returned_nonce;
transmitting said returned_nonce and said response message to said Signaling Controller;
comparing said returned_nonce to said nonce;
transmitting an AP reply in reply to said response message;
transmitting an SA recovered message to said Signaling Controller.

13. A method of conveying a key from a server to a client, comprising:
generating a wakeup message at said server;
generating a server_nonce at said server;
conveying said wakeup message and said nonce to said client;
generating an AP request message at said client;
conveying a client_nonce and said AP request message to said server;
confirming that said client_nonce conveyed with said AP request message matches said server_nonce generated at said server;

14. A method of confirming that a message received by a server from a client was triggered by the server:
receiving an AP request message from said client;
receiving a client_nonce from said client wherein said client_nonce is associated with said AP request;
determining whether said client_nonce matches a nonce conveyed from said server.

15. The method as described in claim 14 and further comprising:
determining that said client_nonce does not match said nonce conveyed from said server; and
disregarding said AP request.

16. The method as described in claim 15 and further comprising:
awaiting at said client for a reply from said server to said AP request;
aborting said AP request session after a predetermined time period if no reply is received from said server.

17. The method as described in claim 14 and further comprising:
determining that said client_nonce does match said nonce conveyed from said server; and
generating an AP reply at said server to said AP request.

18. A system for providing key management in a Kerberos based system, said system comprising:
a server;
a client configured to be coupled to said server;
a key distribution center configured to act as a trusted third party for said client and said server;
computer code coupled to said server operable to initiate a key management session by said server with said client.

19. The system as described in claim 18 wherein said computer code operable to initiate a key management session comprises computer code operable to generate a trigger message at said server; and further comprising:
computer code coupled to said server operable to generate a nonce at said server;
computer code coupled to said server operable to convey said trigger message and said nonce to said client.

20. The system as described in claim 19 and further comprising:
computer code coupled to said client operable to generate a response message to said trigger message;
computer code coupled to said client operable to convey said response message and a returned_nonce to said server.

21. The system as described in claim 20 and further comprising:
computer code coupled to said server operable to confirm the value of said returned_nonce at said server.
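
The server-side nonce check recited in claims 2 to 6 and 14 to 17, as an added Python example that is not part of the patent text. `TriggerServer`, the 32-bit nonce, the reserved value 0, the 30-second lifetime and the verdict names are assumptions made for illustration.

```python
import secrets
import time

OUT_OF_BOUNDS_NONCE = 0   # assumed reserved value; the claims do not name one
NONCE_TTL = 30.0          # assumed lifetime of an outstanding trigger, seconds

class TriggerServer:
    """Server side of the trigger/nonce exchange (hypothetical class)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # client_id -> (nonce, expiry time)

    def make_trigger(self, client_id):
        """Build a trigger message with a fresh nonce, never the reserved value."""
        nonce = OUT_OF_BOUNDS_NONCE
        while nonce == OUT_OF_BOUNDS_NONCE:
            nonce = secrets.randbits(32)
        self._pending[client_id] = (nonce, self._clock() + NONCE_TTL)
        return {"type": "trigger", "nonce": nonce}

    def check_response(self, client_id, returned_nonce):
        """Return 'accept', 'untriggered' or 'disregard' for a client response."""
        if returned_nonce == OUT_OF_BOUNDS_NONCE:
            # Assumed reading of claim 4: the reserved value never answers a trigger.
            return "untriggered"
        nonce, expiry = self._pending.get(client_id, (None, 0.0))
        if nonce is None:
            return "disregard"            # server sent this client no trigger
        if self._clock() > expiry:
            del self._pending[client_id]  # stale trigger
            return "disregard"
        if returned_nonce != nonce:
            return "disregard"            # false nonce; keep waiting for the real one
        del self._pending[client_id]      # one response per trigger, blocks replay
        return "accept"

def demo():
    """Run constructed responses through one server and return the verdicts."""
    srv = TriggerServer()
    nonce = srv.make_trigger("cta-1")["nonce"]
    false_nonce = 1 if nonce != 1 else 2   # any value that is neither nonce nor 0
    return [
        srv.check_response("cta-1", false_nonce),          # wrong nonce
        srv.check_response("cta-2", nonce),                # client never triggered
        srv.check_response("cta-1", nonce),                # genuine response
        srv.check_response("cta-1", nonce),                # replay of the same nonce
        srv.check_response("cta-1", OUT_OF_BOUNDS_NONCE),  # reserved value
    ]
```

A mismatched nonce leaves the pending entry in place, so a forged response cannot cancel the trigger the genuine client has yet to answer.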






